Issued:: 2021-08-31
Updated:: 2021-08-31

RHSA-2021:3322 - Security Advisory

Overview
Updated Packages

Synopsis

Important: microcode_ctl security, bug fix and enhancement update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

The microcode_ctl packages provide microcode updates for Intel.

Security Fix(es):

hw: Vector Register Data Sampling (CVE-2020-0548)
hw: L1D Cache Eviction Sampling (CVE-2020-0549)
hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)
hw: Information disclosure issue in Intel SGX via RAPL interface

(CVE-2020-8695)

hw: Vector Register Leakage-Active (CVE-2020-8696)
hw: Fast forward store predictor (CVE-2020-8698)
hw: vt-d related privilege escalation (CVE-2020-24489)
hw: improper isolation of shared resources in some Intel Processors

(CVE-2020-24511)

hw: observable timing discrepancy in some Intel Processors

(CVE-2020-24512)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 7.3 x86_64

Fixes

BZ - 1788786 - CVE-2020-0548 hw: Vector Register Data Sampling
BZ - 1788788 - CVE-2020-0549 hw: L1D Cache Eviction Sampling
BZ - 1827165 - CVE-2020-0543 hw: Special Register Buffer Data Sampling (SRBDS)
BZ - 1828583 - CVE-2020-8695 hw: Information disclosure issue in Intel SGX via RAPL interface
BZ - 1890355 - CVE-2020-8696 hw: Vector Register Leakage-Active
BZ - 1890356 - CVE-2020-8698 hw: Fast forward store predictor
BZ - 1962650 - CVE-2020-24489 hw: vt-d related privilege escalation
BZ - 1962702 - CVE-2020-24511 hw: improper isolation of shared resources in some Intel Processors
BZ - 1962722 - CVE-2020-24512 hw: observable timing discrepancy in some Intel Processors
BZ - 1972335 - [rhel-7.3.z] Re-enable 06-5e-03 (SKL-H/S, CPUID 0x506e3) latest microcode updates

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 7.3

SRPM
microcode_ctl-2.1-16.42.el7_3.src.rpm	SHA-256: 30e787d492d5c501063d99e669fd26d40afad80154c60405fb64cce410cf21fc
x86_64
microcode_ctl-2.1-16.42.el7_3.x86_64.rpm	SHA-256: 5dee09a497713e2ce3fc9b4bfebbd19f3ec665bfaa5f57babfb3cfd11fc9f1a1
microcode_ctl-debuginfo-2.1-16.42.el7_3.x86_64.rpm	SHA-256: d33e7264414caed7aabd955f390e8bf4f51ca3c096a916858d50c6df37a91c0a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Ansible.com

Red Hat Ecosystem Catalog

Red Hat Hybrid Cloud Console

Red Hat Store

Red Hat Marketplace

Red Hat Summit and AnsibleFest